July 2024: Cyber Threats You Need to Know About
Imagine waking up to find your organization's website down, customer data exposed, and important files locked away. This isn't just a scene from a spy movie - it's the chilling reality of today's cyber threat landscape. As leaders, we navigate a digital world brimming with opportunity, but also lurking with hidden dangers. Let's review the latest cybersecurity news, understand how cyber threats can impact your organization, and explore effective strategies to safeguard your critical assets.
Recent and Current Cyber Threats
Google and Microsoft Malware Alert
A new cyber-attack disguises itself as popular programs like Google Chrome and Microsoft Word to steal money. Since March, attackers have been tricking users into downloading malware by posing as fake updates or error messages. This malware can steal your company's sensitive information and even reroute cryptocurrency payments.
The key to stopping this attack is user awareness. Train your employees to be suspicious of any unexpected prompts, downloads, or error messages, especially those asking them to use unfamiliar programs. Learn more about this threat
Business Email Compromise (BEC)
Business Email Compromise (BEC) attacks, a type of social engineering scam that compromises legitimate business email accounts, are now the top method of attack on businesses. Arctic Wolf found a staggering 70% of businesses worldwide were targets of a BEC attempt in just the last year.
Shielding your business from BEC scams requires a multi-layered defense. The first line is an informed workforce. Regular cybersecurity training empowers employees to spot suspicious emails. Train them to check sender addresses carefully, for slight variations in spelling or use of free email services. Encourage them to question urgency in emails, especially those requesting financial actions, and to verify requests directly with the sender through a trusted channel, like a phone call. Finally, consider implementing multi-factor authentication for sensitive accounts, adding an extra layer of security beyond just a password. Learn more about this trend
Scattered Spider Impersonating Employees
According to Beeping Computer, a hacker group called Scattered Spider is targeting businesses by impersonating employees to gain access to cloud accounts. Once inside, they use legitimate tools to move data to their own cloud storage and learn more about the network.
To combat this, your company can build a strong defense on two fronts:
Employee Awareness: Train staff to be vigilant about social engineering attempts. Teach them red flags like unusual requests, pressure tactics, and unfamiliar email addresses (even slight variations of real colleagues). Emphasize verifying information directly with the sender through established channels, not replying to suspicious emails.
Multi-Layered Security: Implement strong Multi-Factor Authentication (MFA) for all cloud accounts. MFA adds an extra step beyond just a password, making it much harder for attackers to gain access even with stolen credentials. Additionally, consider stricter access controls within cloud platforms, limiting employees’ ability to share data excessively or with unauthorized parties. Learn how to secure your cloud data
Nonprofits Are Easy Targets
Nonprofits are unfortunately attractive targets for cyberattacks due to a few reasons. Nonprofits often have limited budgets, which can lead to outdated technology and a lack of cybersecurity awareness training for staff. This makes it easier for attackers to infiltrate their systems. Additionally, nonprofits often hold valuable data such as donor credit card information, which can be a target for thieves. In some cases, nonprofits are targeted because of the causes they support.
Protecting your non-profit's data and network from cyberattacks is crucial to maintaining donor trust and mission effectiveness. Here's a two-fold approach
Start by implementing strong cybersecurity measures like multi-factor authentication and keeping software up-to-date. Regular data backups ensure a safety net in case of breaches.
Educate your staff and volunteers on common cyber threats like phishing emails. Train them to identify suspicious activity and instill a culture of security awareness. By combining technical safeguards with a vigilant team, your non-profit can significantly reduce the risk of cyberattacks.
Car Dealerships Lose CDK Access Due to Attack
A major disruption is impacting car dealerships nationwide. CDK Global, a key provider of dealership management software, was hit by a cyberattack forcing them to shut down systems. This has led to delays and potential losses for dealerships, some resorting to manual processes. CDK is working on restoring systems, but it could take several days. Reports suggest hackers are demanding millions in ransom, highlighting the ongoing cybersecurity threats businesses face. Read more
Another Healthcare Ransomware Attack Exposes Data of Millions
A new ransomware threat, RansomHub, is targeting major organizations, including healthcare providers like Change Healthcare. This isn't entirely new - it's likely a rebranded version of recently shut down ransomware, highlighting a growing trend of rapid relaunch under different names. RansomHub is especially concerning due to its efficiency, collaboration with other criminal groups, and focus on attacking during off-hours. This emphasizes the critical need for robust, 24/7 cybersecurity measures, particularly in healthcare where a successful attack could have life-threatening consequences. Learn More About This Threat
The evolving cyber threat scene can feel daunting, but by staying informed and proactive, you can significantly reduce your organization's vulnerability. Remember, cybersecurity is a shared responsibility. Train your employees, implement strong technical safeguards, and prioritize regular updates and backups. By working together, we can navigate the digital age with confidence, protecting our critical assets and ensuring the smooth operation of our businesses and organizations.
